Quote:A newly uncovered cyberattack is taking control of victims’ Gmail accounts, by using a customized, malicious Mozilla Firefox browser extension called FriarFox.
Researchers say the threat campaign, observed in January and February, targeted Tibetan organizations and was tied to TA413, a known advanced persistent threat (APT) group that researchers believe to be aligned with the Chinese state.
The group behind this attack aims to gather information on victims by snooping in on their Firefox browser data and Gmail messages, said researchers.
After installation, FriarFox gives cybercriminals various types of access to users’ Gmail accounts and Firefox browser data.
For instance, cybercriminals have the ability to search, read, label, delete, forward and archive emails, receive Gmail notifications and send mail from the compromised account. And, given their Firefox browser access, they could access user data for all websites, display notifications, read and modify privacy settings, and access browser tabs.
“The introduction of the FriarFox browser extension in TA413’s arsenal further diversifies a varied, albeit technically limited repertoire of tooling,” said Proofpoint on Thursday. “The use of browser extensions to target the private Gmail accounts of users, combined with the delivery of Scanbox malware, demonstrates the malleability of TA413 when targeting dissident communities.”
Read more: https://threatpost.com/malicious-mozilla...il/164263/
![[-]](https://www.geeks.fyi/images/collapse.png)
